[KI-LC] [BoT] Round 2 FTC Kantara Input regarding Security and Privacy

Dagg, Kenneth Kenneth.Dagg at tbs-sct.gc.ca
Thu May 23 15:29:11 EDT 2013


I reviewed the document and found some shortcomings. My personal concerns could be mitigated if there are other documents that describe the context of the Internet of Things (IoT). I have used COMMENTS to voice my personal concerns. My apologies, but given the short turnaround time, I regret not being able to recommend how the text could be changed but I just do not have the cycles.

It appears to me, with my minimal technical knowledge about the IoT, that the basic concepts of Access Control should apply to the IoT. If this is true, then I would suggest that a lot of the privacy and security implications have been identified. The prime difference, in my personal opinion, with traditional Access Control is the components, like they are in Trust Frameworks and Federations, are decoupled.

I also believe that a conceptual architecture of the IoT needs to be developed (if it already exists then I stand corrected). Without this type of understanding, it is my personal opinion that any standards / frameworks / infrastructures that are developed will be tend to be restrictive rather than accommodating. If my belief that Access Control applies then the architecture may essentially be done (could be based on the Attribute Based Access Control - NIST Special Publication 800-162).

The conceptual architecture would also include an architecture for "things" that identifies the type of information they contain, its functions (e.g., authentication), etc.


Kenneth Dagg
Senior Project Co-ordinator | Coordonnateur de projet supérieur
Security and Identity Management | Sécurité et gestion des identités
Chief Information Officer Branch | Direction du dirigeant principal de l'information
Treasury Board of Canada Secretariat | Secrétariat du Conseil du Trésor du Canada
Ottawa, Canada K1A 0R5
Kenneth.Dagg at tbs-sct.gc.ca<mailto:Kenneth.Dagg at tbs-sct.gc.ca>
Telephone | Téléphone 613-957-7041 / Facsimile | Télécopieur 613-954-6642 / Teletypewriter | Téléimprimeur 613-957-9090
Government of Canada | Gouvernement du Canada

[cid:image001.gif at 01CE57C8.EE89D850]

From: trustees-bounces at kantarainitiative.org [mailto:trustees-bounces at kantarainitiative.org] On Behalf Of Joni Brennan
Sent: May-23-13 2:10 PM
To: trustees at kantarainitiative.org; LC at kantarainitiative.org
Cc: Smedinghoff, Tom; Mark Lizar; Colin Soutar; Anna Slomovic/Equifax
Subject: [BoT] Round 2 FTC Kantara Input regarding Security and Privacy


Thank you Ingo for your first take at the FTC comments [1]!  I have edited them slightly and made some contributions to the document.
Please see attached.  Trustees and LC please advise of suggested inclusions or edits for the document.  I'm hopeful that some of our Privacy based membership will have additional comments. (I've copied a few of you directly but this is an open paper so don't hesitate to add others!)
Ideally we need to have the document finalized by May 29 (with no LC objections).  I would then like to submit the document as the Kantara ED and on behalf of the Leadership Council.
Please advise with any further comments or considerations to this activity.

[1] http://www.ftc.gov/opa/2013/04/internetthings.shtm
Best Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/lc/attachments/20130523/51bd6fd5/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 7226 bytes
Desc: image001.gif
Url : http://kantarainitiative.org/pipermail/lc/attachments/20130523/51bd6fd5/attachment-0001.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: FTC-KI-Comments KD01.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 48276 bytes
Desc: FTC-KI-Comments KD01.docx
Url : http://kantarainitiative.org/pipermail/lc/attachments/20130523/51bd6fd5/attachment-0001.bin 

More information about the LC mailing list